Microsoft President Urges Intelligence Agencies Not To Hoard Cyber Vulnerabilities

Remigio Civitarese
May 20, 2017

Avivah Litan, a cybersecurity analyst at Gartner, agreed that the government "is negligent not doing a better job protecting companies", but added that it's not like "you can stop the USA government from developing cybertools" that then work as intended.

"The U.S. is still in a relatively good place - I don't want to jinx it", the department official says. "They've been able to manage through it".

Federal Express "has resumed normal operations and systems are performing as designed", said spokesperson Rae Lyn.

The malware behind WannaCry (also called WannaCrypt, Wana Decryptor or WCry) was reported to have been stolen from the NSA in April. The initial attack had started after many offices had closed Friday. But that patch came two months after it issued similar ones that fixed the same flaw in more recent versions of Windows. All the security experts we spoke to agreed with Troy Hunt's tips, which include patching and having a robust backup strategy.

"More than 40,000 businesses and institutions in China have been struck by the malware, according to state media", Schmitz says.

CERT-In, the government's cyber security arm, has maintained that apart from five or six isolated instances, there are no reports of a substantial scale to indicate that Indian systems have been hit.

Earlier in the day, the Computer Emergency Response Team of India (CERT-In), under the IT Ministry, held a web conference, sharing technical details of the attack and precautions to be taken. "However, Hitachi and others have mostly only reported loss of email and other secondary functionalities".

The culprits can only restore users' systems by manually sending the decryption key to each affected computer, which will amount to a time-consuming process, he said.

Malware-tracking maps show WannaCry has remained active in Europe over the past 24 hours.

In India, Information Technology Minister Ravi Shankar Prasad said barring "isolated incidents" in Kerala and Andhra Pradesh, there had been no major impact of the attack.

"The recent attack is at an unprecedented level and will require a complex worldwide investigation to identify the culprits", Europol's European Cybercrime Center says.

WannaCry asks for US$300 in the first three days of infection, then US$600 for the next four. Brad Smith, the company's lawyer, wrote on Microsoft's official blog: "An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen". A researcher from Google posted on Twitter that an early version of WannaCrypt from February shared some of the same programming code as malicious software used by the Lazarus Group, the alleged North Korean government hackers behind the destructive attack on Sony in 2014 and the theft of $81m from a Bangladesh central bank account at the New York Fed previous year. Rather, it's a Windows vulnerability that the NSA knew about, and which was disclosed in January 2017.

"The United States, more than probably any other country, is extremely careful with their processes about how they handle any vulnerabilities that they're aware of", Tom Bossert, the White House homeland security adviser, said at a press briefing on Monday.

In March, thousands of leaked Central Intelligence Agency documents exposed vulnerabilities in smartphones, televisions and software built by Apple, Google and Samsung Electronics. The WannaCry malware is shaping up to be one of the largest of its kind, infecting almost a quarter-million computers in 150 nations since it was launched on Friday.
